Emails going to spam folder in gmail
Peter Corlett
abuse at cabal.org.uk
Wed Dec 30 10:35:20 CST 2020
On Wed, Dec 30, 2020 at 10:13:40AM -0500, Bill Degnan via cctalk wrote:
[...]
> Attempting to pull in this thread a tad, there are relatively simple
> measures that can be taken to bring a private mail server into compliance
> with gmail, Amazon, Microsoft level mail server protocol and
> authentication.
You have failed to explain why I should make any effort at all to jump
through random hoops set up by FAANG which seem to change on a weekly basis
and where doing so offers no guarantee of success.
> Its not just gmail. The simplest measures are done with DNS and TLS. Most
> of the mail that I see routinely falling into spam folder is from what
> appears to be spoofed domains. Many of these are legit messages
... so therefore they are not actually spoofed.
> [...] that dont have a properly configured DNS record,
I already have properly-configured DNS for mail: an MX record.
> preventing the receiving server from authenticating the FROM domain as
> owned by the sender.
SMTP is an unauthenticated protocol. Further, the futile attempts to bodge
authentication on to it with the likes of SPF and DKIM do not actually help
at all with spam. Until I just added them to my blacklist of pink providers
whose mail is unconditionally rejected, Google was quite happy to unleash a
firehose of spam at my server, all nicely DKIM-signed to tell me it came
from Google like I couldn't have already figured that out from the IP
address.
> A simple fix.
So, what simple fix is this?
SPF is extremely broken by design. The only useful configuration is a short
PASS list of valid-sender IP addresses and a FAIL of everything else (e.g.
"v=spf1 ip4:10.20.30.40 a -all"). This requires ensuring that you can
chokepoint all mail through those hosts, which is not always easy to
arrange.
DKIM attempts to "fix" SPF by adding cryptography, thus adding rather a lot
of extra complexity and CPU usage. This means that classic computers can no
longer send email, because they don't have enough grunt to overcome this
artificial barrier. It makes mail rather brittle and tends to break mailing
lists in an even more spectacular manner than SPF. Just to liven things up a
bit, DKIM is also patent-encumbered.
Then there's ARC which attempts to mitigate various deliverability problems
caused by DKIM making mail more brittle. No doubt further layers of gaffer
tape will follow when that breaks something.
And to what end? So the odds of a hypothetical message sent to a GMail user
ending up in their spam folder drops from 99% to 98%? Here's a nickel kid,
get yourself a better mail provider.
More information about the cctalk
mailing list